Closed bladeswords closed 4 years ago
Is this about the servers installed at https://nominatim.openstreetmap.org/ , the software in this repository or the website https://nominatim.org/ ?
For the servers https://operations.osmfoundation.org/ , their mailing list is non-public and direct messaging via twitter neither of course.
We haven't setup email on nominatim.org so I can also offer https://opencagedata.com/security.txt to send an encrypted email to and I will coordinate the efforts.
Thanks @mtmail - to clarify it is for the software in this repository.
I will reach out to you using the supplied security.txt details.
FYI - there is also a feature to populate the github 'Security' tab for the repo using a SECURITY.md file.
github guide to adding security policy
and for a decent example SECURITY.md
You can also mail security issues directly to nominatim@lonvia.de.
Hi,
I have a security issue I would like to report with Nominatim. How would you like for me to communicate the issue for resolution?
Thanks :)